Dark Reading is part of the Informa Tech Division of Informa PLC


Larry Loeb

Content posted in March 2018
VPNs Are Still Leaking Your Personal Information
Larry Loeb | 3/30/2018
While VPNs are supposed to allow for safe, anonymous browsing, it turns out that STUN servers on the backend can still leak personal information and your whereabouts. Here's how to minimize that.
Researcher Finds etcd Servers Leak Passwords Like a Sieve
Larry Loeb | 3/28/2018
Security researchers find that etcd servers, an essential part of Kubernetes, as well as other database systems, have been leaking passwords for a long time.
Cybercriminals Using Kubernetes, Docker to Bitcoin Mine
Larry Loeb | 3/26/2018
Supposedly safe and secure Docker containers and the Kubernetes orchestration system can actually be manipulated to mine Bitcoin and other cryptocurrencies, researchers have found.
In Facebook Debacle, More Than Zuckerberg to Blame
Larry Loeb | 3/23/2018
Facebook and CEO Mark Zuckerberg are rightly taking a lot of heat from the fallout over Cambridge Analytica and the firm's use of social media data. However, other businesses, as well as users, need to take some responsibility as well.
Crypto Crumple: A New Method of Balancing Privacy & Security
Larry Loeb | 3/22/2018
In a new paper released this week, two professors describe what they call the "crypto crumple zone," which looks to balance encryption and privacy with government's ability to investigate possible crimes.
Oil & Gas Industry Face Significant Cybersecurity Threat Study
Larry Loeb | 3/21/2018
A Ponemon survey finds a growing concern among cybersecurity professionals who work in the world's oil and gas industries.
Fancy Bear Linked to DealersChoice Attacks in Europe
Larry Loeb | 3/19/2018
Researchers at Palo Alto Networks believe the Russia-linked Fancy Bear group is behind a new exploit called DealersChoice that is targeting European governments and agencies.
Government Workers Believe Security Is Someone Else's Job
Larry Loeb | 3/16/2018
A study from Dtex Systems finds a growing disconnect between government employees and the organizations that they work for over who is ultimately responsible for maintaining good security practices.
AMD Chips Have Their Own Massive Hardware Security Flaws
Larry Loeb | 3/14/2018
CTS-Labs issued a report this week that detailed 13 different vulnerabilities in AMD's Ryzen and EPYC processors that are as dangerous as the Spectre and Meltdown flaws that Intel has been trying to fix.
DHS Has Some Serious Security Failures, Report Finds
Larry Loeb | 3/12/2018
From running outdated versions of Windows, to not having effective backup, the US Department of Homeland Security has some serious security failings, according to a new report.
Increased IoT Use Causing Added Enterprise Security Concerns Report
Larry Loeb | 3/9/2018
A new study from Trustwave finds that 60% of enterprises are using IoT devices, but that these connected sensors have caused at least one security issue.
LTE Protocol Vulnerabilities Could Lead to ID Theft, Call Spoofing
Larry Loeb | 3/7/2018
Researchers at Purdue and the University of Iowa find that LTE networks have some serious protocol flaws that could lead to a host of issues, including identity theft, call spoofing and the spread of false emergency reports.
Intel's SGX Vulnerable to Spectre-Like Flaw
Larry Loeb | 3/5/2018
Intel's SGX technology, which is used by several large cloud providers, is subject to its own Spectre-like vulnerability. However, this flaw seems much easier to fix.
Memcache Servers Being Used to Launch Massive DDoS Attacks
Larry Loeb | 3/1/2018
Several reports over the last few days are finding that someone is using Memcache servers to launch massive DDoS attacks.